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Methodology 


Reviewed system drawings, specifications and 
standards, project documentation 

Evaluated draft test procedure OTM-2002 

Consideration of risks 

Requirement, potential human error, and analysis of 
the error 
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Six Major Categories Evaluated 


Personnel Certification 
Test Procedure Format 
Test Procedure Safety Controls 
Test Article Data 
Instrumentation 
Voice Communication 



Topics Addressed 


Requirement 
Potential Human Error 
Performance-Shaping Factors 
Potential Effects of the Error 
Barriers and Controls 
Risk Priority Number 
Recommended Actions 


Performance Shaping Factors 


Internal - within the worker; human attributes 
typically related to physical or mental 
characteristics 

examples - skills , knowledge, strength, stress, 
fatigue, motivation 

External - factors outside the worker that affect 
human performance 

examples - inadequate tool design, 
environmental factors, incomplete 
documentation, insufficient training 
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Potential Effects of the Error 


Injury to personnel 
Equipment damage 
Test delay 
Repeat test 
Invalid data 

System activation delay 
Unknown configuration 
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Barriers and Controls 


Barriers - prevent the error from occurring 

examples - design safeguards, physical 
restraints 


Controls - prevent the effect of the error from 
occurring 

examples - training, on-the-job experience, 
documentation, briefings, communication 



Risk Priority Numbers (RPN’s) 

Used a 10-point scale 

Severity - assess the magnitude of the 
immediate effect of the error 

Detection - assess the effectiveness of the 
controls, thus impacting the effects of the error 

Likelihood - assess the occurrence of the error 

Risk Priority Number = SxDxL 

Highest RPN’s need most attention 

Recommended actions 
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Report 
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Lessons learned 

Conclusion and recommendations 
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EXECUTIVE SUMMARY 


A process task analysis effort was undertaken by Dynacs Inc. commencing in June 2002 under 
contract from NASA YA-D6. Funding was provided through NASA’s Ames Research Center 
(ARC), Code M/HQ, and Industrial Engineering and Safety (IES). The John F. Kennedy Space 
Center (KSC) Engineering Development Contract (EDC) Task Order was 5SMA768. 

The scope of the effort was to conduct a Human Factors Process Failure Modes and Effects 
Analysis (HF PFMEA) of a hazardous activity and provide recommendations to eliminate or re- 
duce the effects of errors caused by human factors. The Liquid Oxygen (LOX) Pump Accep- 
tance Test Procedure (ATP) was selected for this analysis. 

The HF PFMEA table (see appendix A) provides an analysis of six major categories evaluated 
for this study. These categories include Personnel Certification, Test Procedure Format, Test 
Procedure Safety Controls, Test Article Data, Instrumentation, and Voice Communication. 

For each specific requirement listed in appendix A, the following topics were addressed: Re- 
quirement, Potential Human Error, Performance-Shaping Factors, Potential Effects of the Error, 
Barriers and Controls, Risk Priority Numbers, and Recommended Actions. 

This report summarizes findings and gives recommendations as determined by the data contained 
in appendix A. It also includes a discussion of technology barriers and challenges to performing 
task analyses, as well as lessons learned. 

The HF PFMEA table in appendix A recommends the use of accepted and required safety criteria 
in order to reduce the risk of human error. The items with the highest risk priority numbers 
should receive the greatest amount of consideration. Implementation of the recommendations 
will result in a safer operation for all personnel. 
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1. INTRODUCTION 

A process task analysis effort was undertaken by Dynacs Inc. commencing in June 2002 under 
contract from NASA YA-D6. Funding was provided through NASA’s Ames Research Center 
(ARC), Code M/HQ, and Industrial Engineering and Safety (EES). The John F. Kennedy Space 
Center (KSC) Engineering Development Contract (EDC) Task Order was 5SMA768. 

The scope of the effort was to conduct a Human Factors Process Failure Modes and Effects 
Analysis (HF PFMEA) of a hazardous activity and provide recommendations to eliminate or re- 
duce the effects of errors caused by human factors. The Liquid Oxygen (LOX) Pump Accep- 
tance Test Procedure (ATP) was selected for this analysis. 

The HF PFMEA table (see appendix A) provides an analysis of six major categories evaluated 
for this study. These categories include the following: 

a. Personnel Certification 

b. Test Procedure Format 

c. Test Procedure Safety Controls 

d. Test Article Data 

e. Instrumentation 

f. Voice Communication 

For each specific requirement listed in appendix A, the following topics were addressed: 

a. Requirement 

b. Potential Human Error 

c. Performance-Shaping Factors 

d. Potential Effects of the Error 

e. Barriers and Controls 

f. Risk Priority Numbers 

g. Recommended Actions 


1 
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This report summarizes findings and gives recommendations as determined by the data contained 
in appendix A. It also includes a discussion of technology barriers and challenges to performing 
task analyses, as well as lessons learned. 

2. BACKGROUND 

Two new candidate pumps are scheduled to be tested during fiscal year 2003 as potential spares 
for use in the LOX loading operations at Launch Complex 39. The pumps were acquired from 
Borg Warner International Products and are being provided by NASA PH for testing at the Ad- 
vanced Technology Development Center (ATDC) located at Complex 20 on Cape Canaveral Air 
Force Station. The pumps were designed and manufactured to be as identical as possible to the 
current pumps. 

Initial testing of the two pumps will be conducted using the water flow loop at the Launch 
Equipment Test Facility (LETF) located in the Industrial Area of Kennedy Space Center. Subse- 
quent testing using liquid nitrogen (LN 2 ) and LOX will be performed at the ATDC. 

Systems Assurance Analyses (SAA’s) that will include hardware FMEA’s for the many different 
facility systems comprising the ATDC are being developed separately. The focus of this study 
was limited to the conduct of a HF PFMEA for the LOX pump testing at the ATDC. 

3. APPROACH 

This HF PFMEA consisted of reviewing system design drawings, applicable referenced specifi- 
cations and standards, the test procedure, and draft versions of several documents being devel- 
oped specifically for the ATDC. 

The project-specific documents include the Liquid Oxygen Pump Acceptance Test Requirements 
Document (85K01304, 90% draft dated May 8, 2002), the Liquid Oxygen Pump Acceptance Test 
Plan (KSC-YA-5732, 30% draft version, dated June 19, 2002), and Liquid Oxygen Pump Cryo- 
genic Test Procedure (OTM 2002, draft version, dated February 22, 2002), the Safety and Mis- 
sion Assurance Plan for ATDC (85K01050, draft version, dated September 2002), and the Risk 
Management Plan for ATDC (85K01010, draft version, dated May 11, 2001). Operations and 
Maintenance Instruction (OMI) G21 15 M01, LOX Pump Test, was also reviewed. 

NSS 1740.15 was found to be the most comprehensive source of information and guidelines ap- 
plicable to risks associated with the planned LOX pump testing activity. KHB 1710.2 also pro- 
vides guidance for hazardous operations. 

4. DISCUSSION 

Initial testing of the LOX pumps at the new ATDC facility will be conducted using LN 2 . This 
will provide operators familiarization with the ATDC facility, ground support equipment (GSE) 
systems, and the test article itself. It will allow for facility design or testing problems to be ad- 
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dressed prior to entering the hazardous LOX phase of testing. At this time, additional test proce- 
dure modifications related to human factors could also be considered. They would be presented 
in accordance with severity of the associated risks. 

It is important to note that the test procedure evaluated for this study is in very early draft form 
and that ongoing facility design will result in any number of changes to the procedure. The in- 
formation presented in this report provides an evaluation of applicable human factor conditions 
that warrant attention due to the hazardous nature of cryogenic operations. In addition, the re- 
sults describe typical human factor considerations that can be applied to other test operations. 

Appendix A outlines six major areas judged applicable for evaluation and the following para- 
graphs summarize significant points. 

4.1 PERSONNEL CERTIFICATION 

Personnel certifications related to cryogenic operations, and specifically LOX operations, have 
not been instituted for the contractor (EDC) employees who will be performing the operations. 
Cryogenic Safety training is essential for all employees involved in LOX operations. Certifica- 
tions should be considered as well. 

Currently, the Safety and Mission Assurance Plan for ATDC states that, as a minimum, all em- 
ployees working with cryogenics must have attended the Cryogenics Safety and High Pressure 
Gas Safety courses. Records for EDC personnel indicate that many employees have attended the 
subject training. Attendance in most cases, however, was many years ago. Since the courses are 
set up as one-time only, refresher training is not routinely scheduled. 

In addition, NSS 1740.15 paragraph 103, Personnel Training, states that personnel be certified in 
accordance with NHB 1700.1 and they shall be qualified to respond properly to all foreseeable 
failure modes. They must be trained in the selection of equipment for handling LOX in the pro- 
cedures for handling spills and leaks and disposing of oxygen. 

The experience base on the EDC includes significant test operations using both liquid nitrogen 
and liquid hydrogen. The additional hazards associated with liquid oxygen need to be identified 
and presented to operations personnel in a formal manner and controlled to reduce risk of acci- 
dent. Safeguards must be established and enforced in order to minimize the occurrence and ef- 
fect of an error. 

NASA personnel involved in cryogenic operations also require safety training and certification in 
accordance with KHB 3410.1. The recommendations for EDC personnel should also be applied 
to NASA. 


3 
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4.2 TEST PROCEDURE FORMAT 

The acceptance test procedure is designated as an Operations Technical Manual (OTM). The 
Objective section of the OTM states, “This procedure is a subtask procedure, which provides de- 
tailed direction for operating facility equipment in support of a specific test or system check. 

Since this test is a category 1 hazardous operation, as defined in KHB 1710.2, a Safety- approved 
format such as the OMI should be employed. Utilizing the OMI format would help to standard- 
ize the hazardous procedure requirements. 

4.3 TEST PROCEDURE SAFETY CONTROLS 

Emergency Procedures, included as Appendix Z to OTM 2002, are separated into eight different 
types of emergencies. This structure could lead to confusion and mishandling of an emergency. 

In any event, Emergency Procedures must be emphasized at every pretest briefing. 

Weather restrictions, clear areas, controlled access areas, and fire services notification also re- 
quire further attention. Multiple Safety offices will perform thorough evaluations and approval 
of the procedure. 

4.4 TEST ARTICLE DATA 

NSS 1740.15 states, “Materials procured for use in oxygen systems require a material certifica- 
tion from the manufacturer.” Originals or copies of this information need to be provided to the 
contractor Quality Assurance organization for inclusion in the acceptance data package. The ma- 
terials must be compatible with oxygen and include certification from the vendor. 

Pump manufacturer data must demonstrate the pump meets all the safety requirements for oxy- 
gen use. Material certifications must be obtained for all materials that will be exposed to oxygen. 

Cleaning records must be obtained and maintained for the test article and the gaseous and cryo- 
genic portions of the system. Originals or copies of this information should be provided to the 
contractor Quality Assurance organization for inclusion in the acceptance data package. 

A contaminated system will cause personnel to be exposed to risks resulting from unknown con- 
figuration. In the event that a material, design, or handling problem leads to a mishap, the results 
could be catastrophic. 

4.5 INSTRUMENTATION 

Accurate and verified calibration of instrumentation used in test operations is critical to ensure 
successful test operations. Selection of the correct instrumentation is also essential to obtain in- 
formative results. 
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Definition of instrumentation requirements is worked in conjunction with development of test 
requirements. The methods and practices used in the implementation of instrumentation re- 
quirements must be established, documented, and followed in order to ensure reliable test results. 
Consideration must be given to equipment calibration, accuracy, and range, frequency response, 
proper location in the system, and end-to-end verification to ensure the data gathered and re- 
corded are consistent with the desired results. 

Also, sufficient time must be allocated to prepare the necessary instrumentation as previously 
stated to support all phases of the testing process. 

4.6 VOICE COMMUNICATION 

Voice communications requirements are established in both the facility setup and in the test op- 
erations documentation. Preliminary checkout and functional verification of the systems and 
equipment must be performed to ensure proper operation. Specifics related to the test operations, 
such as hazards, test objectives, and communication protocols, are discussed at pretest briefings. 
All personnel are responsible for understanding communication requirements and notifying the 
test conductor of any equipment problems. 

The 85K01050, ATDC Safety and Mission Assurance Plan, specifies the overall safety require- 
ments for hazardous operations at ATDC. It is recommended that the applicable information 
also be specifically addressed in the test procedure, since personnel conducting test operations 
will not likely have the S&MA Plan available. 

5. TECHNOLOGY BARRIERS AND CHALLENGES TO PERFORMING TASK 
ANALYSES 


Some technology barriers inhibiting the ability to perform task analyses do exist. One area cur- 
rently being addressed is the creation of software tools that will facilitate the performance of task 
analyses. Another barrier is ready availability of necessary data for input into the tools. A sys- 
tem that accepts early definition of data requirements for task analyses would be beneficial. 

Challenges to performing task analyses include the amount of labor required and the associated 
costs. Other challenges are the need to ensure the analyses provide effective results that help to 
reduce risks related to human factors and the drive to expand awareness, understanding, and ap- 
preciation of the benefits of task analyses. 

As the field of human factors expands into more project areas, the knowledge resulting from task 
analyses activities will become more valued. A good way to accomplish this expansion is to de- 
velop working relationships with the design and operations organizations and communicate the 
goals, methods, and benefits of task analyses. Finally, consideration of the findings and recom- 
mendations is essential to realization of the results and benefits of task analyses. 


5 
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6. LESSONS LEARNED 

A primary lesson learned is an increased awareness of the value in performing task analyses. The 
concentration of experience within the discipline of human factors must be expanded further into 
the design and assurance activities for new projects. Consideration of human factors on existing 
operations is equally as important, especially for critical, hazardous, or complex operations. 

Early integration of the task analysis process into design or operations activities would minimize 
cost and aid in acceptance of task analysis recommendations. In today’s budget environment, 
resource and funding availability is an area that also requires attention in order to conduct task 
analyses with beneficial results. Workforce awareness, knowledge, and appreciation of task 
analyses and their benefits will continue to increase as more task analyses are performed and util- 
ized. 

Quantifying the benefits of task analyses results is difficult during the design and early opera- 
tional stages, as the availability of historical process data does not already exist. For established 
processes, however, analytical data can be collected to quantify the results or effects of process 
task analysis recommendations. 

7. CONCLUSION AND RECOMMENDATIONS 

Conducting process task analyses, particularly on hazardous operations, is a worthwhile, cost- 
effective, beneficial activity. Awareness of the human element and its potential effect on an op- 
eration must be placed at the forefront of operations. Task analyses provide a means to formalize 
the subject of human factors and provide documentation and mitigation of potential human factor 
issues. 

The HF PFMEA table recommends the use of accepted and required safety criteria in order to 
reduce the risk of human error. The items with the highest risk priority numbers should receive 
the greatest amount of consideration. Implementation of the recommendations will result in a 
safer operation for the benefit of all personnel. 
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APPENDIX A 


HUMAN FACTORS PROCESS FAILURE MODES AND EFFECTS 
ANALYSIS (HF PFMEA) 

LOX PUMP ACCEPTANCE TEST PROCEDURE 
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HUMAN FACTORS PROCESS FAILURE MODES AND EFFECTS ANALYSIS (HF PFMEA) 
LOX PUMP ACCEPTANCE TEST PROCEDURE 


■ 

Requirement 

Potential 
Human Error 

Performance- 

Shaping 

Factor 

Potential 
Effects of Error 

Barriers and 
Controls 

S 

D 

L 

RPN 

Recommended Actions 

■ 

Personnel 

Certification 


1.1 

Engineering De- 
velopment Con- 
tract employee 
certification pro- 
gram 

Improper safety 
precautions; 
judgement error 

LTA recent 
knowledge 

Mishap; 

Emergency 

handling 

Adequate train- 
ing for using 
LOX; on-the- 
job experience 

10 

10 

8 

800 

Review and update EDC safety 
training program for cryogenics 
per KHB 3410.1 

1.2 

NASA employee 

certification 

requirements 

Improper safety 
precautions; 
judgement error 

LTA recent 
knowledge 

Mishap; 

emergency 

handling 

Adequate train- 
ing for using 
LOX; on-the- 
job experience 

10 

10 

8 

800 

Review and update NASA safety 
training program for cryogenics 
per KHB 3410.1 

1.3 

LOX-specific 

training 


LTA training 
requirements 
for LOX test- 
ing 

LOX-related 

emergency 

Adequate train- 
ing for using 
LOX; on-the- 
job experience 

10 

10 

8 

800 

Establish and administer LOX- 
specific training and certification 

1.4 

Experience levels 

Improper safety 
precautions; 
judgement error 

Unfamiliar 
with LOX haz- 
ards 

Mishap; injury; 
hardware dam- 
age 

Adequate train- 
ing for using 
LOX; on-the- 
job experience 

10 

10 

6 

600 

Designate experienced cryogenics 
lead 

1.5 

System 

familiarity 

Improper safety 
precautions; 
judgement error 

New system; 
LTA documen- 
tation 

Mishap; injury; 
hardware dam- 
age 

Adequate train- 
ing for using 
LOX; on-the- 
job experience 

10 

10 

6 

600 

Provide hands-on system experi- 
ence; document system-unique 
information 



























■ 

Requirement 

Potential 
Human Error 

Performance - 
Shaping 
Factor 

Potential 
Effects of Error 

Barriers and 
Controls 

S 

1.6 

Defined test team 

Improper safety 
precautions; 
judgement error 

LTA training 
background 

Operator not 
certified 

Adequate train- 
ing for using 
LOX; on-the- 
job experience 


2 

Test Procedure 
Format 


■ 

L 

RPN 

Recommended Actions 

5 

5 

125 

Establish proper mix of test per- 
sonnel; designate roles and respon- 
sibilities; conduct dry run opera- 
tions 






Mishap; test 

OMI format 





Revise test procedure to be an 


OTM vs. OMI 


LTA instruc- 

delay; test in- 

required per 





OMI instead of the less formal 

2.1 

format 


tions 

validation 

KHB 1710.2 

8 

8 

7 


OTM 


2.2 

Cautions, warn- 
ings, and notes 

Overlook cau- 
tion, warning, or 
note 

LTA instruc- 
tions 

Mishap; missed 
data 

OMI format 
required per 
KHB 1710.2 

10 

6 

6 


Make cautions, warnings, and 
notes more noticeable, as is the 
case in OMI G21 15, LOX Pump 
Test 

2.3 

Commingling 
LOX and LN 2 
steps 

Misread test 
instruction step 

Similarity of 
wording but 
significantly 
different safety 
criteria 

Mishap; missed 
data 

None 

9 

9 

8 

648 

Make separate test sequences for 
LN 2 and LOX testing 

1 

"Not performed" 
steps 

Perform and buy 
off step that 
should have 
been skipped 

"Not per- 
formed" crite- 
ria not well 
defined 

Mishap; incor- 
rect step per- 
formed; test 
invalidation; 
test repeat; 
schedule slips 

Format per 
KHB 1710.2 

9 

9 

8 

648 

Include criteria prior to "Not Per- 
formed" steps; include buy-off for 
"NP" 

2.5 

Clarity of word- 
ing of test in- 
struction steps 

Misunderstood 
test instruction 
step 

LTA test in- 
structions; as- 
sumption of 
operator 
knowledge 

Mishap; incor- 
rect step per- 
formed; test 
invalidation; 
test repeat; 
schedule slips 

None 

9 

9 

8 

648 

Revise steps to clarify wording and 
eliminate assumptions 
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■ 

Requirement 

Potential 
Human Error 

Performance- 

Shaping 

Factor 

Potential 
Effects of Error 

Barriers and 
Controls 

S 

D 

L 

RPN 

I 

Recommended Actions 

2.6 

Technician and 
Quality buy-off 
steps 

Missed verifica- 
tion 

LTA documen- 
tation; dis- 
tracted; multi- 
ple events 
occurring at 

in i „ 1 - - 

Inaccurate 
data; unknown 
configuration 

Format per 
KHB 1710.2 

8 

8 

5 

320 

Revise test procedure to include 
necessary technician and quality 
buy-offs 

2.7 

Authorizing 

documentation 

Misunderstood 

instruction 

bllaeity of au- 
thorizing 
documentation; 
documentation 
missing 

Test steps not 
performed as 
needed 

EDC Work 
Control system 

5 

5 

3 

75 

Ensure authorizing documentation 
prepared, distributed, and under- 
stood; address questions prior to 
test operations 

2.8 

Pretest and Post- 
test briefings 

Information not 
received or un- 
derstood 

Absent from 
briefing; dis- 
tracted 



8 

5 

5 

200 

Ensure attendance and address 
questions 

2.9 

Shutdown and 
restart operations 

Performing ac- 
tion without 
documented test 
procedure steps 

LTA documen- 
tation; informa- 
tion not dis- 
tributed 

Improper shut- 
down; un- 
known configu- 
ration 

Approved pro- 
cedure devia- 
tions 

9 

2 

8 

144 

Establish method to document 
shutdown and restart operations; 
communicate at pretest briefings 

3 

Test Procedure 
Safety Controls 

3.1 

Clear areas/ 
controlled areas 

Not established 
or not properly 
controlled 

LTA instruc- 
tions or en- 
forcement 

mm 


7 

2 

2 

28 

Emphasize safety controls during 
pretest briefings 

3.2 

Essential person- 
nel 

Unauthorized 
personnel in 
area 

LTA instruc- 
tions or en- 
forcement 

Mishap; injury 

Access badge 
checks; camera 
monitoring 

4 

2 

2 

16 

Enforce personnel limits approved 
in test procedure 

3.3 

Weather restric- 
tions 

Failure to heed 
warnings; fail- 
ure to hear 
warnings 

Speakers miss- 
ing or not func- 
tioning; exces- 
sive noise 
masking an- 
nouncement; 
wet structures 

Weather- 
enhanced mis- 
hap; lightning 
strikes 

Public Address 
announcement 

9 

2 


72 

Verify PA system operation prior 
to test commencement; emphasize 
weather restrictions during pretest 
briefings 
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Requirement 

Potential 
Human Error 

Performance- 

Shaping 

Factor 

Potential 
Effects of Error 


Emergency shut- 
down 

Panic; mishan- 
dled emergency 

LTA instruc- 
tions; unfamil- 
iar with in- 
structions 

Increased risk 
or damage 

3.5 

Equipment 

calibration 

Failure to check 
calibration 
status; failure to 
maintain current 
calibration 

LTA instruc- 
tions; schedule 
pressures 

Inaccurate 
data; configura- 
tion unknown; 
dangerous con- 
ditions not 
identified; test 
delay 

3.6 

Fire services 
notification 

Fail to notify 

LTA instruc- 
tions 

Fire services 
unaware of 
hazardous op- 
erations; un- 
derstaffed for 
support 

3.7 

Test configura- 
tion control 

Operating in 
unknown con- 
figuration 

Inadequate 

documentation 

Mishap; test 
invalidation; 
injury; hard- 
ware damage 


Barriers and 
Controls 

S 

D 

L 

RPN 

Recommended Actions 

Test procedure 
appendix Z; 
pretest brief- 
ings; commu- 
nication sys- 
tem; trained 
emergency 
personnel 

10 

5 

8 

400 

Emphasize emergency procedures 
during pretest briefings; dry run 
emergency procedures 


10 

2 

3 

60 

Document calibration requirements 
on work instructions; include veri- 
fication requirement in test proce- 
dure (Preoperations Setup Instruc- 
tions) 

Preoperation 
setup instruc- 
tions; responsi- 
ble safety per- 
son 

10 

1 

2 

20 

Add test procedure steps to ac- 
complish notification; buy off 
when complete 


Verification of 
test con- 
figuration; con- 





Establish and maintain configura- 

trolled areas; 





tion control at all times; document 

essential per- 





all changes on test deviation; ver- 

sonnel 

10 

4 

4 

160 

ify new configuration 
































■ 

Requirement 

Potential 
Human Error 

Performance- 

Shaping 

Factor 

Potential 
Effects of Error 

Barriers and 
Controls 

S 

D 

L 

RPN 

Recommended Actions 

■ 

Test Article 
Data 

4.1 

Manufacturer 

data 

Failure to secure 
information for 
review and veri- 
fication with 
oxygen re- 
quirements 

Information 
unavailable, 
delayed, or in- 
complete 

Unknown his- 
tory, character- 
istics, or condi- 
tion of test arti- 
cle 

Information 
required per 
NSS 1740.15 

3 

10 

10 

300 

Assign responsibility for securing 
and providing necessary informa- 
tion. Include test procedure steps 
(Preoperation Setup Instructions) 
to verify information obtained and 
validated 


Material certifi- 
cations for LOX 
compatibility 

Failure to secure 
information for 
review and veri- 
fication with 
oxygen re- 
quirements 

Information 
unavailable, 
delayed, or in- 
complete 

Unknown his- 
tory or charac- 
teristics of test 
article; applica- 
tion incompati- 
bility; test de- 
lay; mishap 

Information 
required per 
NSS 1740.15 

3 

10 

10 


Assign responsibility for securing 
and providing necessary informa- 
tion. Include test procedure steps 
(Preoperation Setup Instructions) 
to verify information obtained and 
validated 

1 

Pump and motor 
certifications 

Failure to secure 
information for 
review and veri- 
fication with 
oxygen re- 
quirements 

Information 
unavailable, 
delayed, or in- 
complete 

Unknown his- 
tory or charac- 
teristics of test 
article; applica- 
tion incompati- 
bility; test de- 
lay; mishap 

Information 
required per 
NSS 1740.15 

3 

10 

10 

300 

Assign responsibility for securing 
and providing necessary informa- 
tion. Include test procedure steps 
(Preoperation Setup Instructions) 
to verify information obtained and 
validated 

1 

Cleaning records 

Failure to secure 
information for 
review and veri- 
fication with 
oxygen re- 
quirements 

Information 
unavailable, 
delayed, or in- 
complete 

Unknown con- 
dition of test 
article; test de- 
lay; mishap 

Information 
required per 
NSS 1740.15 

8 

5 

5 

200 

Assign responsibility for securing 
and providing necessary informa- 
tion. Include test procedure steps 
(Preoperation Setup Instructions) 
to verify information obtained and 
validated 
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■ 

Requirement 

Potential 
Human Error 

Performance- 

Shaping 

Factor 

Potential 
Effects of Error 

5 

Instrumentation 

5.1 

Calibrated 

equipment 

Use of improper 
equipment 

Requirements 
not defined, 
documented, or 
verified 

Equipment out 
of tolerance; 
unknown sys- 
tem conditions; 
unverifiable 
data; incorrect 
data; test in- 
validation 

5.2 

Instrumentation 
and calibration 
documentation 

LTA documen- 
tation; incorrect 
or out-of-date 
documentation 

Requirements 
not docu- 
mented 

Invalid installa- 
tion and set up 



Instrumentation 




set up incor- Activation de- 

rectly; lack of lay; test delay; 

Define require- proper instru- Requirements insufficient 

5.3 ments mentation not defined data collection 


Clear require- 
ments; coor- 
dination meet- 
tings; test 
documentation 
defining re- 
quirements; 
conduct de- 
tailed Re- 
quirements Re- 
views 10 1 2 


Provide list of all transducers and 
test equipment with ranges, cali- 
bration curves, locations, and cali- 
20 bration dates 


Clear require- 
ments; coordi- 
nation meet- 
ings; test docu- 
mentation 
defining re- 
quirements; 
conduct de- 
tailed Re- Document requirements in work 

quirements Re- instructions; distribute documenta- 

views 10 5 3 150 tion; master copy on site 

Conduct de- 
tailed Re- 
quirements Re- 


views 


10 


5 


3 


Clearly define requirements; en- 
150 sure understanding 



































A-9 



Requirement 

Potential 
Human Error 

Performance- 

Shaping 

Factor 

Potential 
Effects of Error 

Barriers and 
Controls 

S 

D 

L 

RPN 

Recommended Actions 

5.4 

Permanent vs. 
test-specific 
equipment and 
instrumentation 

Overlook re- 
quirements 

Responsibili- 
ties not deline- 
ated; incorrect 
assumptions 
regarding exist- 
ing instrumen- 
tation 

Missed data 
collection; test 
delay 

Configuration 
control; Master 
copy of instru- 
mentation and 
equipment 

5 

5 

2 

50 

Clarify difference; delineate re- 
sponsibilities for operations and 
calibrated equipment 

5.5 

Availability of 
necessary sensors 
and equipment 

Unapproved 

substitution 

Schedule pres- 
sures; parts 
availability; 
inadequate 
planning 

Out-of-range 
equipment or 
sensor used; 
data collection 
problems; test 
invalidation 

Conduct de- 
tailed Re- 
quirements Re- 
view; configu- 
ration control; 
test constraints 

10 

2 

2 

40 

Provide list of all transducers and 
test equipment with locations and 
calibration dates; expedite missing 
items 

5.6 

Sufficient prep 
time in schedule 

Incomplete or 
partial prepara- 
tion 

Time con- 
straints 

Test delay; re- 
duced capabil- 
ity 

Requirements 
Review; sched- 
ule review and 
inputs 

5 

9 

9 

405 

Coordinate with instrumentation 
and determine amount of time re- 
quired 

6 

Voice 

Communication 

System 










6.1 

Voice communi- 
cation 

Incorrect chan- 
nel setting 

Unfamiliar 
with system; 
channel indica- 
tors unavail- 
able 

No communi- 
cation; 

miscommuni- 

cation 

Assignment of 
operations 
channel and 
work channel; 
call to stations; 
pretest brief- 
ings 

9 

3 

3 

81 

Adequate documentation; empha- 
size communication requirements 
and importance in pretest briefings 




■ 

Requirement 

Potential 
Human Error 

Performance- 

Shaping 

Factor 

Potential 
Effects of Error 

Barriers and 
Controls 


D 

L 

RPN 

Recommended Actions 

6.2 

Call signs 

Misunderstood 
instructions; 
missed instruc- 
tions 

New and non- 
standard; mul- 
tiple users on 
individual call 
sign 

No communi- 
cation; 

miscommuni- 

cation 

Call to stations; 
pretest brief- 
ings 

9 

3 

3 

81 

In pretest briefings, establish un- 
derstanding of communication 
guidelines 

6.3 

Reliable equip- 
ment 

Misunderstood 
instructions; 
missed instruc- 
tions 

Defective 
equipment; 
static or other 
noise on chan- 
nel 

No communi- 
cation; 

miscommuni- 

cation 

Reliable system 
design to en- 
sure communi- 
cation 

10 

2 

2 

40 

Pretest checkout of communication 
system on separate work instruc- 
tions; preventive maintenance 


S = Severity 
D = Detection 
L = Likelihood 

RPN = Risk Priority Number (SxDxL) 
LTA = Less than adequate 
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